General

Target: Loader.rar
Size: 3.8MB
Sample: 240623-1c8tqssgkc
MD5: 2e89f31739c6ac701ded0ed7a6847a5d
SHA1: 5279e1b9c4f0474a8e19bf4f21181ca7645c28e1
SHA256: 3d346f297b45a547dae58303d7c92363a4013f4df0ebe5af8405215fc306761c
SHA512: 4030e3502b1a21bb46de8befc1c7c26b1117dd650ef31ba69f3fb0fe42a390fc097a0bb4e6948e7d6f811d10075b927196f9000cd6f83229ca9773aee0b08bb3
SSDEEP: 49152:Mhhd0zA/0ng+3ByAL0imfEsKoDaaKToTpLDJdThvIP3JfJl6S6A1oFjEv7jJbSj:M7j+xyKKEsFWzY5dTh83NJlyjEv7jlSj

Static task: static1

Behavioral tasks
behavioral1: Loader/Launcher.dll (resource win7-20240508-en)
behavioral2: Loader/Launcher.dll (resource win10v2004-20240611-en)
behavioral3: Loader/Loader.exe (resource win7-20240611-en)
behavioral4: Loader/Loader.exe (resource win10v2004-20240611-en)
behavioral5: Loader/mainf.dll (resource win7-20240508-en)
behavioral6: Loader/mainf.dll (resource win10v2004-20240508-en)

Malware Config
Extracted
https://rentry.org/Lk51111111/raw
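
Added example, not part of the Triage report and not code from the sample: a Python hunt that scans web-proxy log lines for the extracted rentry.org raw URL and, more generally, for raw-paste fetches of the kind the report flags as "Legitimate hosting services abused for malware hosting/C2". Only the URL above is taken from the report; the log format, the host/path patterns for paste sites and every log line in the block are constructed assumptions for illustration.

```python
"""Hunt for paste-site "dead drop" fetches in web-proxy logs.

Added example, not part of the Triage report. The extracted config URL
(https://rentry.org/Lk51111111/raw) is the only value taken from the page;
the log format, the paste-site patterns and every log line are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Exact indicator from the report's "Malware Config / Extracted" entry.
REPORT_IOC_URLS = {"https://rentry.org/Lk51111111/raw"}

# Raw-content endpoints of paste/text-hosting sites. A loader that pulls its
# next-stage address from one of these blends into ordinary HTTPS traffic to
# a legitimate site. The (host, path) shapes are an assumption about common
# raw-paste URLs, not something the report enumerates.
RAW_PASTE_PATTERNS = [
    (re.compile(r"^rentry\.(org|co)$"), re.compile(r"^/[^/]+/raw/?$")),
    (re.compile(r"^pastebin\.com$"), re.compile(r"^/raw/[^/]+$")),
]

# Constructed log format: <ts> <client_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Finding:
    ts: str
    client: str
    url: str
    reason: str


def classify_url(url: str) -> Optional[str]:
    """Return a reason string if the URL is a known IOC or a raw-paste fetch."""
    if url in REPORT_IOC_URLS:
        return "exact match on extracted config URL"
    parts = urlsplit(url)
    for host_re, path_re in RAW_PASTE_PATTERNS:
        if host_re.match(parts.netloc.lower()) and path_re.match(parts.path):
            return f"raw paste fetch from {parts.netloc}"
    return None


def hunt(log_lines) -> List[Finding]:
    """Parse each line, keep the ones whose URL classifies as suspicious."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        reason = classify_url(m["url"])
        if reason is None:
            continue
        # A browser user agent on a paste site is routine; an empty or
        # non-browser one from the same host is worth escalating.
        ua = m["ua"]
        if not ua.startswith("Mozilla/"):
            reason += f"; non-browser user agent '{ua or '<empty>'}'"
        findings.append(Finding(m["ts"], m["client"], m["url"], reason))
    return findings


# Constructed sample log lines (not from the report's sandbox run).
SAMPLE_LOG = [
    '2024-06-23T10:01:02Z 10.0.0.5 GET https://www.microsoft.com/en-us/ 200 "Mozilla/5.0 (Windows NT 10.0)"',
    '2024-06-23T10:01:07Z 10.0.0.5 GET https://rentry.org/Lk51111111/raw 200 ""',
    '2024-06-23T10:02:11Z 10.0.0.9 GET https://rentry.org/some-notes 200 "Mozilla/5.0 (Windows NT 10.0)"',
    '2024-06-23T10:03:40Z 10.0.0.9 GET https://pastebin.com/raw/AbCdEf12 200 "Mozilla/5.0 (Windows NT 10.0)"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.url} -> {f.reason}")
```

The exact-URL match is the high-confidence hit; the pattern match is a hunting lead, since analysts and developers also fetch raw pastes. Treat the empty user agent as the differentiator, and adapt the log regex to your proxy's format before running it on real data.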

Targets

Target: Loader/Launcher.dll
Size: 7.5MB
MD5: cbb81f28c5a509e4f7e3e44bc7da74f8
SHA1: 47145f07bc7d0083d3bd13a9da44bac740952029
SHA256: 413bf9c2cff6fe7b97eae199683df7f6d648fad4c25cb6d0b7dce335eb69edba
SHA512: bc863ebb2f5fd66f342be8befb49889dd275adb15cff95ed378e185190091589c8d1d7a8902ca889a7b2af81588c731bfa0a930f074fecadd9b47a082966079c
SSDEEP: 98304:koD5geAsEDKN0xOLy2MsmCkQejop7PGXleggxF:kfD/mexOLy0GoNPGXledT
Score: 1/10

Target: Loader/Loader.exe
Size: 7KB
MD5: a59db21c45ddbf490cb3dbc04a4482b5
SHA1: df2dfcadf42b704b1411ad206d4c2daeab0de0d1
SHA256: d576ea6364ee599b140b2acb69a0b1e1bad3450dca5716d1f582a65340b28656
SHA512: 0c9042be85607f3e8b9e70f3b99d79761046653e770813a22a627616e35e4ade5677566e71512dc73e50fbe5a32d148b31420c3930060070f4894d9f8f2747df
SSDEEP: 192:gSP9nqvjXP3xszgz8mocPcKz4UbvkVQ+cPcKQ8w/HvvNu5dO:gSP9qvLJO9NcPcEkVQ+cPc15v4vO
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.

- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
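
Added example, not part of the Triage report and not code from the sample: the first signature above means the process that issued the NtCreateUserProcess call was not the parent recorded for the new process, which is what parent-PID spoofing via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS produces. The same comparison can be made from host telemetry that records both the calling process and the claimed parent. This Python block applies that check to constructed process-start records; the field names, the idea that the creator PID comes from the event's execution context while ParentProcessID is the payload field (as in the ETW Microsoft-Windows-Kernel-Process ProcessStart event), the allowlist of benign creators, and every process in the sample set (including payload.exe, which stands in for the unnamed dropped EXE) are assumptions for the example.

```python
"""Flag parent-PID spoofing from process-creation telemetry.

Added example, not code from the Triage report or from the sample. Each record
carries the PID of the process that issued the create call (creator_pid) and
the parent recorded for the child (parent_pid); when a loader sets
PROC_THREAD_ATTRIBUTE_PARENT_PROCESS the two differ. Field names and all sample
records are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class ProcessStart:
    pid: int           # new process
    creator_pid: int   # process in whose context the create call ran
    parent_pid: int    # parent recorded for the new process
    image: str


@dataclass(frozen=True)
class Alert:
    pid: int
    image: str
    creator_image: str
    claimed_parent_image: str


def detect_ppid_spoofing(events: Iterable[ProcessStart],
                         allowed_creators: Iterable[str] = ()) -> List[Alert]:
    """Return one Alert per start event whose creator and recorded parent differ.

    allowed_creators suppresses known-benign mismatches. On Windows the usual
    one is UAC elevation, where the AppInfo service (hosted in svchost.exe)
    creates the process but records the requesting process as its parent;
    that is an assumption about your environment, so start with an empty set.
    """
    events = list(events)
    by_pid = {e.pid: e for e in events}
    allowed = {name.lower() for name in allowed_creators}

    def image_of(pid: int) -> str:
        # The creator or parent may have started before the telemetry window.
        return by_pid[pid].image if pid in by_pid else f"<pid {pid} outside window>"

    alerts = []
    for e in events:
        if e.creator_pid == e.parent_pid:
            continue
        creator = image_of(e.creator_pid)
        if creator.lower() in allowed:
            continue
        alerts.append(Alert(e.pid, e.image, creator, image_of(e.parent_pid)))
    return alerts


# Constructed sample records (not the report's sandbox trace). payload.exe
# stands in for the dropped EXE the report does not name.
SAMPLE_EVENTS = [
    ProcessStart(800, 4, 4, "svchost.exe"),
    ProcessStart(1000, 900, 900, "explorer.exe"),
    ProcessStart(2000, 1000, 1000, "Loader.exe"),
    ProcessStart(3000, 2000, 1000, "payload.exe"),   # created by Loader.exe, claims explorer.exe
    ProcessStart(4000, 800, 1000, "elevated.exe"),   # UAC-style mismatch, creator svchost.exe
]

if __name__ == "__main__":
    for a in detect_ppid_spoofing(SAMPLE_EVENTS, allowed_creators={"svchost.exe"}):
        print(f"pid {a.pid} {a.image}: created by {a.creator_image}, "
              f"recorded parent {a.claimed_parent_image}")
```

Sysmon Event ID 1 only reports the recorded parent, so it cannot make this comparison on its own; the check needs a source that also identifies the calling process, and the sandbox signature here is exactly that comparison made by the monitor.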

Target: Loader/mainf.dll
Size: 6KB
MD5: dfbad6728654395df7cdc4626686bdd7
SHA1: 63686f523d7b4bf33c6184ce7d870fa326ce4bba
SHA256: ba7ee4cc8044c4aeac2c9b698a32a6d01020097e14730abc7040cd9f0ee0608c
SHA512: e2ff8afcd090adc2a846152fa5f0055ade47b8d9a19e6d2ff1f20092b987db98729388142f56af716b8dc659e66188ecfa4ba35b55353e7636a58a78c7ce6abd
SSDEEP: 96:VUttOfbCgQSbvu/r8NfrHkuixR+0NGUA5ATvHV+f4zUh:V6FgGr8B2R+0M1+rV+Qg
Score: 1/10